Methods and systems for secure acquisition, interpretation and transmission of data under HIPAA compliant protocol

ABSTRACT

Methods and systems for acquiring a machine-readable optical code, decoding the optical code into a patient identifier, and receiving from a database a billing record filled with patient data corresponding to the patient identifier. The method includes reading by a mobile device the machine-readable optical code and decoding the optical code into a patient identifier. The method includes transmitting the patient identifier to a database. The method includes receiving from the database at least partially filled billing record with patient data corresponding to the patient identifier and displaying on the mobile device the at least partially filled billing record. The method includes searching the database using the patient identifier, and retrieving the patient data corresponding to the patient identifier. The method includes at least partially filling a billing record with the patient data, and transmitting the at least partially filled billing record to the mobile device.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional Application Ser. No. 62/062,601, filed by Osorio, et al., on Oct. 10, 2014, entitled “Multi-feature Mobile Software Application that Generate [sic.] a Secure Environment to Capture Data under a HIPAA/Hitech Complaint [sic.] Protocol,” commonly assigned with this application and incorporated herein by reference.

TECHNICAL FIELD

The disclosure relates to methods and systems for secure acquisition, interpretation and transmission of data under HIPAA compliant protocol.

BACKGROUND

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers (e.g., physicians, hospitals), health insurance companies and other businesses associated with the healthcare industry to implement control of access to mobile devices, computer systems and networks that process and store patient health information (PHI). HIPAA requires that mobile devices and computer systems that process and store PHI are protected from intrusion. Also, HIPAA requires any communication containing PHI transmitted electronically over open networks is encrypted to prevent unauthorized interception.

Since healthcare providers and other businesses associated with the healthcare industry typically operate and maintain computer systems, networks, and applications to process and store PHI, they must ensure that PHI is protected from intrusions. Also, healthcare providers and health insurance companies must ensure that electronically transmitted PHI is protected from unauthorized interception. If PHI is stolen by intrusion of computer systems or if PHI is intercepted during transmission, businesses may face legal and financial liabilities.

Recently, increasing use of mobile communication and computing devices has encouraged development of systems that enable communication with healthcare service providers from a mobile device. Some systems allow a person to review medical records and update records from a mobile device. For example, an application may enable entry and upload of personal information from a mobile device to a physician's office prior to a visit. However, existing systems and methods generally do not allow secure acquisition and transmission of PHI. Also, existing systems and methods do not allow convenient and efficient upload of information containing PHI from a mobile device. Accordingly, improved systems and methods are needed.

SUMMARY

Various disclosed embodiments provide methods and systems, executable on a mobile device, for acquiring a machine-readable optical code, decoding the optical code into a patient identifier, and receiving from a database a billing record filled with patient data corresponding to the patient identifier.

According to disclosed embodiments, the method includes reading by a mobile device a machine-readable optical code and decoding the optical code into a patient identifier. The method includes transmitting the patient identifier to a database. The method includes receiving from the database at least partially filled billing record with patient data corresponding to the patient identifier, and displaying on the mobile device the at least partially filled billing record. The patient identifier is an ASCII code that identifies a patient. The machine-readable optical code may be a Quick Response Code or a standard one-dimensional barcode.

The method includes searching the database using the patient identifier, and retrieving the patient data corresponding to the patient identifier. The method includes at least partially filling a billing record with the patient data, and transmitting the at least partially filled billing record to the mobile device.

The method includes allocating a volatile memory space in the mobile device for a session, and storing the patient identifier in the allocated volatile memory space. The method includes transmitting the patient identifier using a secure transmission protocol during the session. The method includes de-allocating the volatile memory space at the termination of the session, wherein the de-allocation of the volatile memory space causes the patient identifier to be erased from the volatile memory space.

The method includes allocating volatile memory space in the mobile device for a session, and storing the received patient data and the at least partially filled billing record in the allocated volatile memory space. The method includes de-allocating the volatile memory space at the termination of the session, wherein the de-allocation of the volatile memory space causes the stored patient data and the at least partially filled billing record to be erased from the volatile memory space.

According to disclosed embodiments, a system includes a mobile communication device configured to communicate over a communication network. The mobile communication device includes at least one processor and a volatile memory space coupled to the processor. The volatile memory space is allocated for a defined session and de-allocated at the termination of the session.

The system includes a barcode reader configured to read a machine-readable optical code and to decode the optical code into a patient identifier. The processor is configured to store the patient identifier, patient data corresponding to the patient identifier, and a billing record at least partially filled with the patient data in the volatile memory space. The de-allocation of the volatile memory space erases stored data in the volatile memory space.

The foregoing has outlined rather broadly the features and technical advantages of the present disclosure so that those skilled in the art may better understand the detailed description that follows. Additional features and advantages of the disclosure will be described hereinafter that form the subject of the claims. Those skilled in the art will appreciate that they may readily use the conception and the specific embodiment disclosed as a basis for modifying or designing other structures for carrying out the same purposes of the present disclosure. Those skilled in the art will also realize that such equivalent constructions do not depart from the spirit and scope of the disclosure in its broadest form.

Before undertaking the DETAILED DESCRIPTION below, it may be advantageous to set forth definitions of certain words or phrases used throughout this patent document: the terms “include” and “comprise,” as well as derivatives thereof, mean inclusion without limitation; the term “or” is inclusive, meaning and/or; the phrases “associated with” and “associated therewith,” as well as derivatives thereof, may mean to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, or the like; and the term “controller” means any device, system or part thereof that controls at least one operation, whether such a device is implemented in hardware, firmware, software or some combination of at least two of the same. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. Definitions for certain words and phrases are provided throughout this patent document, and those of ordinary skill in the art will understand that such definitions apply in many, if not most, instances to prior as well as future uses of such defined words and phrases. While some terms may include a wide variety of embodiments, the appended claims may expressly limit these terms to specific embodiments.

BRIEF DESCRIPTION

Reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a schematic block diagram of a communication system in which embodiments of the disclosure can be implemented;

FIG. 2 illustrates an application executable on the mobile device according to disclosed embodiments;

FIG. 3 illustrates the application with a scan button;

FIG. 4 shows an acquired QR code;

FIG. 5 is a flow diagram of a method according to disclosed embodiments;

FIG. 6 illustrates a partially filled billing record; and

FIG. 7 is a flow diagram of a method according to disclosed embodiments.

DETAILED DESCRIPTION

FIGS. 1-7, discussed below, and the various embodiments used to describe the principles of the present disclosure are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will recognize that the principles of the disclosure may be implemented in any suitably arranged device or a system. The numerous innovative teachings of the present disclosure will be described with reference to exemplary non-limiting embodiments.

Various disclosed embodiments provide methods and systems, executable on a mobile device, for acquiring a machine-readable code, decoding the code into a patient identifier, and receiving from a database a billing record filled with patient data corresponding to the patient identifier.

According to disclosed embodiments, methods and systems provide secure acquisition of a machine-readable optical code by a mobile device. The mobile device includes a processor coupled to a memory, including a non-volatile memory defined for a session. The machine-readable optical code is decoded into a patient identifier and is stored in the non-volatile memory.

During the defined session, the patient identifier is transmitted to a database using a secure transmission protocol (STP). The database is searched using the patient identifier, and patient data corresponding to the patient identifier is retrieved. A billing record is at least partially filled with the patient data, and the at least partially filled billing record is transmitted to the mobile device. The billing record is displayed on the mobile device.

At the conclusion or termination of the defined session, the volatile memory is de-allocated, thereby erasing the patient data, the billing record or any other patient health information (PHI) from the volatile memory. Thus, after the termination of the session, no PHI is persistently retained by the mobile device.

FIG. 1 is a schematic block diagram of a communication system 100 in which embodiments of the disclosure can be implemented. The system 100 includes a mobile communication device 104 which may take the form of a mobile phone, a laptop computer, a tablet computer or the like. The mobile device 104 is configured to wirelessly communicate with other communication devices via a communication network 122. The network 122 may be a mobile cellular network such as a 3GPP network or other CDMA/GSM network. The network 122 may be linked to another network 126 such as the Internet.

The system 100 includes a web server 130 and an application server 134 connected to the Internet 126. The application server 134 is configured to store one or more applications and provide access to the applications over the Internet. Thus, the mobile device 104 can access the applications over the networks 122 and 126, and run the applications remotely. The web server 130 is configured to generate web pages including any web pages generated by running one or more applications in the application server 134. The mobile device 104 can download web pages from the web server 130 over the networks 122 and 126.

A database 138 is connected to the application server 134. The database 138 is configured to store data such as, for example, patient data. The patient data may include patient health information (PHI) which contains patient medical records.

The application server 134 may include a search engine configured to search the database 138 and retrieve data from the database 138. The search results may be downloaded by the mobile device 104 over the networks 122 and 126. Thus, for example, using the search engine the mobile device 104 can search and download PHI from the database 138 over the networks 122 and 126.

The mobile device 104 includes a processor 108 connected to a memory 112. The processor 108 may be of the type generally used in mobile devices such as those manufactured by Intel Corporation or ARM Holdings.

According to disclosed embodiments, the memory 112 comprises a non-volatile memory 116 and a volatile memory 120. In the non-volatile memory 116, any data stored is persistently retained even after electrical power is removed from the non-volatile memory 116. Thus, any data stored in the non-volatile memory 116 is not erased following removal of electrical power. In contrast, any data stored in the volatile memory 120 is erased, and thus lost, after electrical power is removed from the volatile memory 120. Thus, any data stored in the volatile memory 120 is not persistently retained after removal of electrical power.

According to disclosed embodiments, the volatile memory space may be allocated by marking portions of it as being allocated to an application in a memory allocation table and de-allocated by marking those portions as unallocated at the termination of the session and perhaps also overwriting it. Alternatively, the volatile memory space may be allocated by applying electrical power to the volatile memory 120 and de-allocated by removing electrical power at the termination of the session. Volatile memory space that is temporarily allocated to an application is sometimes called “scratchpad” memory. In the context of certain mobile device operating systems commercially available from Apple Incorporated of Cupertino, Calif. (e.g., OS X®), such temporarily allocated volatile memory is called a “sandbox” and is designed to prevent applications from interfering with one another or the operating system, except as the operating system permits.

The mobile device 104 also includes a barcode reader 114 configured to acquire machine-readable optical code. The barcode reader 114 may be a barcode scanner which illuminates a machine-readable optical code with red light. A sensor in the barcode scanner detects the reflected light and generates an analog signal with varying voltage that represents the intensity of the reflection. A converter changes the analog signal to a digital signal which is fed to a decoder. The decoder converts the code to an ASCII text, which is stored in the memory 112.

According to disclosed embodiments, the barcode reader 114 is configured to read a one-dimensional barcode or a Quick Response (QR) code. A QR code is a matrix or two-dimensional barcode. A QR code includes square dots arranged in a square grid on a white background, which can be read by a barcode reader. The barcode or QR code may be decoded into a patient identifier which identifies a patient by name, date of birth, or other identifying information.

The mobile device 104 also includes a transceiver 140 coupled to an antenna 144. The transceiver 118 includes conventional transmit and receive circuitry configured to transmit and receive signals wirelessly via the antenna 120 over a wireless network such as the network 122.

FIG. 2 illustrates an exemplary application 200 executable on the mobile device 104. The application 200 may reside in the mobile device 104 or may reside remotely such as, for example, in the application server 134. When the application 200 resides in the application server 134, a user may download and access the application over the networks 122 and 126 using the mobile device 104.

The application 200 provides a username 204 field and a password 208 field displayed on the mobile device 104. A user can login by entering a username and a password. Upon successful login a connection is established with a secure server such as the server 130 and the server 134 over the networks 122 and 126. Once the user is logged on, a web page 300 is displayed which has a scan button 304 as shown in FIG. 3. The user can press the scan button 304 to activate the barcode reader 114 of the mobile device 104 to read a machine-readable optical code. As discussed before, the machine-readable optical code may be a standard one-dimensional barcode or a QR code. The code may be decoded into a patient identifier which identifies a patient.

FIG. 4 shows a QR code 404 acquired by the mobile device 104. The QR code 404 may be processed using an error correction method so that the image in the QR code 404 can be interpreted. The data in the QR code 404 is extracted (i.e., decoded) from patterns present in horizontal and vertical components of the image. For example, the QR code 404 may be decoded into a patient identifier which identifies a patient by name, date of birth or other identifying information.

According to disclosed embodiments, a volatile memory space in the volatile memory 120 is allocated by the processor 108 for a defined session and de-allocated at the termination of the session. The session is defined for a predetermined time period. According to disclosed embodiments, the volatile memory space may be allocated by applying electrical power to the volatile memory 120 and de-allocated by removing electrical power at the termination of the session.

According to disclosed embodiments, the acquired machine-readable optical code (e.g., QR code 404) is stored in the allocated volatile memory space. The volatile memory space may be a random access memory (RAM). The stored code is then encrypted and transmitted to a remote server using a secure transmission protocol. For example the code may be encrypted and transmitted to the application server 134 over the networks 122 and 126. In accordance with the secure transmission protocol, at the remote server the encrypted code is authenticated upon reception.

According to disclosed embodiments, after the termination of the session, the volatile memory space is de-allocated which causes the stored code and any other patient health information (PHI) to be erased from the volatile memory space. The volatile memory space is de-allocated by removing electrical power from the volatile memory. Consequently, any PHI and other patient data are not persistently retained in the mobile device 104 after the termination of the session.
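
Marking memory as unallocated does not by itself clear its contents, so the overwrite that the description above treats as optional is the step that actually erases PHI. The following C code is an added example, not code from the patent: it shows a session buffer that expires after a predetermined period and is zeroed before release. `phi_session` and its functions are hypothetical names, the sample identifier is constructed, and `mlock()` assumes a POSIX system.

```c
/* Added example, not from the patent; all identifiers are hypothetical. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/mman.h>   /* mlock(), munlock() */

typedef struct {
    unsigned char *buf;   /* volatile memory space allocated for the session */
    size_t cap;           /* size of the allocation in bytes */
    size_t len;           /* bytes of PHI currently stored */
    time_t expires;       /* end of the predetermined session period */
    int locked;           /* 1 if mlock() succeeded, so pages cannot be swapped out */
} phi_session;

/* Overwrite the whole buffer. Writing through a volatile pointer keeps the
   compiler from discarding the stores as dead writes ahead of free(). */
void phi_wipe(phi_session *s)
{
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; p != NULL && i < s->cap; i++)
        p[i] = 0;
    s->len = 0;
}

/* Allocate the session buffer; ttl is the session length in seconds. */
int phi_open(phi_session *s, size_t cap, time_t now, time_t ttl)
{
    memset(s, 0, sizeof *s);
    s->buf = (cap > 0 && ttl > 0) ? calloc(1, cap) : NULL;
    if (s->buf == NULL)
        return -1;
    s->cap = cap;
    s->expires = now + ttl;
    /* Best effort: without this, the OS may page the buffer to disk, which
       would make the data persistent despite living in RAM. */
    s->locked = (mlock(s->buf, cap) == 0);
    return 0;
}

/* Store data for the session. An expired session is wiped and refused. */
int phi_store(phi_session *s, const void *data, size_t n, time_t now)
{
    if (s->buf == NULL)
        return -1;
    if (now >= s->expires) {
        phi_wipe(s);
        return -1;
    }
    if (n > s->cap)
        return -1;
    phi_wipe(s);              /* no stale tail from a previous record */
    memcpy(s->buf, data, n);
    s->len = n;
    return 0;
}

/* Returns 1 when every byte of the buffer is zero. */
int phi_is_clear(const phi_session *s)
{
    for (size_t i = 0; i < s->cap; i++)
        if (s->buf[i] != 0)
            return 0;
    return 1;
}

/* End the session: overwrite first, then unlock and release. */
void phi_close(phi_session *s)
{
    if (s->buf == NULL)
        return;
    phi_wipe(s);
    if (s->locked)
        munlock(s->buf, s->cap);
    free(s->buf);
    memset(s, 0, sizeof *s);
}

int main(void)
{
    const char id[] = "PT-000123";   /* constructed sample identifier */
    time_t start = time(NULL);
    phi_session s;
    if (phi_open(&s, 256, start, 300) != 0)
        return 1;
    int rc = phi_store(&s, id, sizeof id, start);
    phi_close(&s);                   /* buffer is zeroed before free() */
    return rc == 0 ? 0 : 1;
}
```

Copies of the identifier held elsewhere (the scanner's decode buffer, UI text fields, network library buffers) are outside this buffer and need the same treatment.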

Thus, it will be appreciated that the disclosed embodiments provide secure acquisition and transmission of PHI in compliance with HIPAA. Since the patient identifier and all other PHI are erased from the volatile memory after the defined session, and thus not persistently retained by the mobile device 104, the data is protected from intrusion and misappropriation. Also, because the transmitted data is encrypted, it is protected from unauthorized interception.

FIG. 5 is a flow diagram of a method according to disclosed embodiments. In block 504, a machine readable optical code is read by a mobile device. For example, a QR code may be read by the barcode scanner 114 of the mobile device 104.

In block 508, the optical code is decoded into a patient identifier. For example, the QR code may be decoded into a patient identifier by extracting the data from the patterns in horizontal and vertical components of the image in the QR code. The patient identifier may be an ASCII code that identifies a patient by name, date of birth and/or other identifying information.

In block 512, a volatile memory space is allocated for a defined session. The volatile memory space may be allocated for a predetermined time period by applying electrical power to the volatile memory. In block 516, the patient identifier is stored in the allocated volatile memory space. In block 520, the patient identifier is encrypted and transmitted using a secure transmission protocol. For example, the patient identifier may be transmitted using a secure transmission protocol to the database 138 over the networks 122 and 126.

According to disclosed embodiments, the database 138 is searched using the patient identifier for corresponding patient data. For example, a search engine in the application server 134 may be used to search the database 138 and retrieve patient data corresponding to the patient identifier.

In block 524, a patient billing record is retrieved from the database 138 and the billing record is partially or completely filled with the patient data. Thus, the billing record is at least partially filled with the patient data which may include PHI.

According to disclosed embodiments, the database 138 is configured to auto-complete one or more fields in the billing record. Also, the database 138 features selection data entry fields that are updated with user interaction. The database 138 dynamically collects data, which eliminates the need for end user platform releases as new data gather entries are implemented.

In block 528, the partially (or completely) filled billing record is downloaded by the mobile device 104 over the networks 122 and 126, and the billing record is displayed on the mobile device 104. FIG. 6 shows a partially filled billing record 604 displayed on the mobile device 104.

The billing record may be stored in the volatile memory 120. After the termination of the defined session, the volatile memory 120 is un-allocated, thus erasing the billing record, the patient data or any other PHI. Consequently, after the termination of the session, no PHI is retained by the mobile device 104.

FIG. 7 is a flow diagram of a method according to disclosed embodiments. In block 704, the patient identifier is received by the database 138. As discussed before, the mobile device 104 transmits the patient identifier over the networks 122 and 126 to the database 138. In block 708, the database 138 is searched using the patient identifier, and patient data corresponding to the patient identifier is retrieved from the database 138. A search engine in the application server 134 may be utilized to search and retrieve the patient data from the database 138. In block 712, the patient data is downloaded by the mobile device 104 over the networks 122 and 126.

Those skilled in the art will recognize that, for simplicity and clarity, the full structure and operation of all systems suitable for use with the present disclosure is not being depicted or described herein. Instead, only so much of a system as is unique to the present disclosure or necessary for an understanding of the present disclosure is depicted and described. The remainder of the construction and operation of the disclosed systems may conform to any of the various current implementations and practices known in the art.

Of course, those of skill in the art will recognize that, unless specifically indicated or required by the sequence of operations, certain steps in the processes described above may be omitted, performed concurrently or sequentially, or performed in a different order. Further, no component, element, or process should be considered essential to any specific claimed embodiment, and each of the components, elements, or processes can be combined in still other embodiments.

It is important to note that while the disclosure includes a description in the context of a fully functional system, those skilled in the art will appreciate that at least portions of the mechanism of the present disclosure are capable of being distributed in the form of instructions contained within a machine-usable, computer-usable, or computer-readable medium in any of a variety of forms, and that the present disclosure applies equally regardless of the particular type of instruction or signal bearing medium or storage medium utilized to actually carry out the distribution. Examples of machine usable/readable or computer usable/readable mediums include: nonvolatile, hard-coded type mediums such as read only memories (ROMs) or erasable, electrically programmable read only memories (EEPROMs), and user-recordable type mediums such as floppy disks, hard disk drives and compact disk read only memories (CD-ROMs) or digital versatile disks (DVDs).

Those skilled in the art to which this application relates will appreciate that other and further additions, deletions, substitutions and modifications may be made to the described embodiments.

None of the description in the present application should be read as implying that any particular element, step, or function is an essential element which must be included in the claim scope: the scope of patented subject matter is defined only by the allowed claims. Moreover, none of these claims are intended to invoke paragraph six of 35 USC §112 unless the exact words “means for” are followed by a participle.

What is claimed is:
 1. A method comprising: reading by a mobile device a machine-readable optical code; decoding the optical code into a patient identifier; transmitting the patient identifier to a database; receiving from the database an at least partially filled billing record with patient data corresponding to the patient identifier; and displaying on the mobile device the at least partially filled billing record.
 2. The method of claim 1, wherein the patient identifier is an ASCII code that identifies a patient.
 3. The method of claim 1, further comprising: searching the database using the patient identifier; retrieving the patient data corresponding to the patient identifier; at least partially filling a billing record with the patient data; and transmitting the at least partially filled billing record to the mobile device.
 4. The method of claim 1, wherein the machine-readable optical code is a Quick Response Code.
 5. The method of claim 1, wherein the machine-readable optical code is a two-dimensional barcode.
 6. The method of claim 1, wherein the machine-readable optical code is a one-dimensional barcode.
 7. The method of claim 1, further comprising: allocating volatile memory space in the mobile device for a session; storing the patient identifier in the allocated volatile memory space; transmitting the patient identifier using a secure transmission protocol during the session; and de-allocating the volatile memory space at the termination of the session, wherein the de-allocation of the volatile memory space causes the patient identifier to be erased from the volatile memory space.
 8. The method of claim 1, further comprising: allocating volatile memory space in the mobile device for a session; storing the received patient data and the at least partially filled billing record in the allocated volatile memory space; de-allocating the volatile memory space at the termination of the session, wherein the de-allocation of the volatile memory space causes the stored patient data and the at least partially filled billing record to be erased from the volatile memory space.
 9. The method of claim 1, wherein the machine-readable optical code is read by a barcode reader.
 10. The method of claim 1, wherein the machine-readable optical code is read by an optical scanner.
 11. A system, comprising: a mobile communication device configured to communicate over a communication network, the mobile communication device comprising: at least one processor; a volatile memory space coupled to the processor, the volatile memory space allocated for a defined session and de-allocated at the termination of the session; and a barcode reader configured to read a machine-readable optical code and to decode the optical code into a patient identifier, wherein the processor is configured to store the patient identifier, patient data corresponding to the patient identifier, and a billing record at least partially filled with the patient data in the volatile memory space, and wherein the de-allocation of the volatile memory space erases stored data in the volatile memory space.
 12. The system of claim 11, wherein the patient identifier is an ASCII code that identifies a patient.
 13. The system of claim 11, wherein patient identifier is transmitted by the mobile device to a database, and wherein the at least partially filled billing record including the patient data is received by the mobile device from the database.
 14. The system of claim 11, wherein the at least partially filled billing record is displayed on the mobile device.
 15. The system of claim 11, wherein the database is searched using the patient identifier.
 16. The system of claim 11, wherein the machine-readable optical code is a Quick Response Code.
 17. The system of claim 11, wherein the machine-readable optical code is a two-dimensional barcode.
 18. The system of claim 11, wherein the machine-readable optical code is a one-dimensional barcode.
 19. The system of claim 11, wherein the de-allocation of the volatile memory space causes the stored data to not be persistently retained in the mobile device.
 20. The system of claim 11, wherein the session is defined for a predetermined time period.
 21. A method comprising: receiving by a database a patient identifier; searching the database and retrieving patient data corresponding to the patient identifier, wherein the patient data includes patient health information; at least partially filling a billing record with the patient data; and transmitting the at least partially filled billing record to a mobile device using a secure transmission protocol.
 22. The method of claim 21, wherein the patient identifier is an ASCII code that identifies a patient.
 23. The method of claim 21, further comprising transmitting the at least partially filled billing record over the Internet.